The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2010-0106 Related Report None Severity HIGH Exploit Difficulty NORMAL Platform Affects all platforms supported by the vulnerable versions. Description Permissions escalation. Text containing HTML, smilies, or images can be parsed in the content that includes a template, even though the wiki forum containing the content does not allow the text to parse, as long as both:
- The wiki forum containing the template does allow it, AND
- The template is parsed prior to the escalated content.
Discovered August 17, 2010 Resolved August 17, 2010 Patches Available 3.0.3 Notes
Even though the issue did not affect the 2.x series at the time of the patch, subsequent patch code of the 2.x series replicated code that this was intended to patch, from a copy before this patch, resulting in future 2.x versions to be vulnerable for the remainder of the lifetime of that series.
This page has been seen 4,577 times.
-
-
Created by on
-